Nitrogen ransomware was derived from the previously leaked Conti 2 builder code and is similar to other Conti-based ransomware, but a coding mistake in its ESXi malware causes it to encrypt files with the wrong public key, irreversibly corrupting them. In practice, this means even the threat actor can’t decrypt affected files. If victims don’t have viable backups, they have no way to recover ESXi-encrypted servers. Paying a ransom won’t help in these cases, because any decryption key or tool the attacker provides won’t work. Read more

Ransomware isn’t new, but the way attackers gain access keeps evolving. In 2025, human‑targeted tactics and cloud‑based compromise dominate the threat landscape. Phishing emails are only the beginning; today’s campaigns extend through chat platforms, voice calls, and even trusted SaaS integrations. The goal is simple: find one person, one credential, or one misconfigured service that opens the door. Read more

“If you pay a ransom, will you get your files back?" It’s a ubiquitous question that the majority of security blogs and vendor surveys fail to answer correctly. A quick search online will yield a dozen contradictory statistics. Why is this such a difficult question to answer? The truth is outcome statistics vary dramatically from case to case, and broad averages are useless for making real time, critical decisions. Read more

Remote access is the backbone of modern business. Employees log in from home and on the road, vendors and contractors need entry points to keep services running, and IT teams depend on remote tools to manage sprawling hybrid environments. In short, organizations can’t function without it. Read more

Coveware by Veeam experts have observed a sharp rise in Akira ransomware cases, with more than 40 of those incidents tied to a single exploitation pathway. At the center of these cases is a recently mitigated VPN vulnerability in widely deployed enterprise appliances, which Akira has been actively exploiting to gain initial access. What makes this surge particularly concerning is that many of the victim organizations had already applied the vendor’s patch. Read more

For many organizations, this is the nightmare scenario: you think you’ve negotiated your way out of a ransomware attack, you’ve paid the ransom demanded, and you’ve waited for the promised decryption tool. But when you think your data is safe and the ordeal is finished, you discover your data is still lost. Read more

Yet Another Recursive Acronym (YARA) is a valuable tool for identifying and classifying malware. In this article, we’ll explore YARA functionality,  including what it does and how to write effective YARA rules for threat intelligence and malware detection. Read more

Ransomware attacks are evolving faster than ever, making cyber resilience a top priority for organizations of all sizes. In this post, our principal product marketing manager, Leah Troscianecki, EMEA field CTO, Edwin Weijdema, and VP of information security, Courtney Elder, answer some of the main questions from Veeam’s Risk to Resilience Report, share real-world insights from the front lines, and offer actionable best practices to help your business prepare for and recover from cyber incidents. Read more

As we approach the one year anniversary of two prominent ransomware group collapses (Lockbit and BlackCat/ALPHV), we find the ransomware ecosystem to be as fractured and uncertain as it did in the months following these events. The Ransomware-as-a-Service (RaaS) model remains irreversibly tarnished after the groups that pioneered this framework were exposed as being fraught with infighting, deception, lost profits, and compromised anonymity for their affiliates. Joint law enforcement actions over the last year have systematically impaired the resources ransomware actors depend on to operate. In the case of domestic threats, law enforcement efforts have even put a number of bad actors behind bars. While certain groups persist and new names continue to trickle in and out of the ransom-sphere, ... Read more

With over 60 sessions and more than 100 speakers, VeeamON 2025 was a resounding success. We’re thrilled you joined us — whether in San Diego or virtually — to continue to learn the transformative potential of data resilience. During three action-packed days, we introduced significant new products and features, presented groundbreaking research on ransomware protection and the state of data resilience, and much more. Read more